A conventional approach to authenticating a user involves comparing current user authentication factors with previous user authentication factors. If the current user authentication factors closely match the previous user authentication factors, then the risk is low that the user is an imposter. However, if the current user authentication factors do not closely match the previous user authentication factors, then the risk is high that the user is an imposter.
Along these lines, suppose that an authentication server receives current browser characteristics (e.g., browser type, browser version, a cookie, browser language, etc.) from a user computer during a current authentication operation. A close match between the current browser characteristics and previous browser characteristics for the legitimate user indicates a low risk that the human operating the user computer is an imposter. However, a poor match between the current browser characteristics and the previous browser characteristics indicates greater risk that the human operating the user computer is an imposter.